Social Engineering: Examples

This video gives an illustration of phishing attempts using social engineering and playing on greed by posing as Microsoft or Amazon representatives.
6.3
So these are very real spoofing emails and different attacks. So this one’s a pretty common one. I see this one quite a bit - Amazon Service Reminder message - Greetings from Amazon. We placed on hold all your orders from Amazon because we detected unusual activity on it. You can help us by unlocking this account and logging in to your account and following the on-screen instructions. And it’s got the Amazon logo. It’s got the Amazon type font on there. There’s a button to verify my information, and this type of attack is essentially a fear attack. I can’t get my packages anymore. I can’t get my Amazon packages. My account’s on hold.
52
I need to click this verify information and enter my credentials. So what this is doing is it’s forcing me to take action, because if I don’t do this, I won’t be able to get my packages. I won’t be able to make orders and whatnot from Amazon. And, of course, what happens when I click that verify button, it’s going to take me to a very real looking Amazon page. I’m going to log in with my account, and they’re going to steal my login and password. So that is one type of attack, and this is a social engineering attack. Again, it’s presenting itself as Amazon.
84.9
It’s forcing me - it’s trying to scare me into oh, I got to verify my information, otherwise I can’t get my Amazon stuff. And if we look up here, we can see it’s actually not Amazon’s email address. It’s this really weird email address at mmxtheater.com. So obviously it’s not an Amazon email. But if you’re not paying close attention - if you’re just looking at the header Amazon service reminder, and it’s got this official looking number on it, and it’s got the Amazon logo on there, and it’s got the type font and whatnot, it kind of looks like an Amazon email. And when I look over here, if I’m just glancing I see something.amazon.com.
129.1
So a lot of users will think OK, well, this is from Amazon. It says it’s from Amazon. It’s got an Amazon logo. It looks like an Amazon email. Let me click this button and at least see where it goes. And, of course, it’s going to look like an Amazon website, even though it’s not going to be amazon.com. So again, this is a social engineering type email sent by a spear phishing or phishing email. So this next one is a Microsoft account. Your email account will expire in 48 hours. So again, this is forcing me to take action right away. I have 48 hours to reactivate my account. I’m going to have to click a reactivate button. Sincerely, the Microsoft team.
174.6
And this one is pretty good, because if we look up in here, it says account@microsoftonline.com. And again, they’re using the Microsoft Office 365 logo, the type of - we got the watermark down here from Microsoft. We have the Microsoft actual address here. And if I click on the Privacy or Legal button, it will probably actually pull up the real Microsoft legal and privacy agreement. However, if I click on Reactivate or Opt Out, it’s going to take me to a very real looking Microsoft page, and have me log in, and then, of course, steal my credentials. So this is forcing me to take action. I have 48 hours to fill out this information or my account will be deleted.
229.2
So again, the idea of social engineering a lot of times is either coercing someone - it’s always coercing someone to do something. And in this case, it’s scaring me into having to take action right away. It’s a scarcity, I have 48 hours. If I don’t hit that 48-hour window and reactivate my account and my credentials, I’m going to lose my account. So the easy way to figure this one out is well, I don’t have an Office 365 account, and matter of fact, if I look up this email address - this account@microsoftonline.com, you’ll actually find information that hey, this is actually a fake email address. So this is another one I get a lot - PayPal. My PayPal account is limited.
284.8
And again, it’s my account’s limited. It’s placed on hold. I’ve got to activate it. Again, if I click Activate, it’s going to take me to a very real PayPal website where I enter my credentials, and of course it’s going to steal it. So and if you look here, here’s another scare tactic. Your PayPal account is used to pay $403 for items on eBay. So again, it’s scaring me into hey, someone took $403 from my PayPal account to buy something on eBay. I never order anything from eBay, or at least not for that amount. So again, if you’re not paying close attention, you’ll see this PayPal logo looks real, the header looks pretty real.
332
We have the copyright for PayPal and the address here.
338.9
But the thing you should be worried about is well, for me, it was well, you sent this to the wrong email. I don’t have my PayPal account tied to the email they sent it to. Second of all, I can see this customer@live.com. It should really be my email address itself. Up here, I’m not sure why it would say Numero Del Caso. Since I am in the United States, everything should have been in English. And we see here that the service@intl.limited.com - that’s not a PayPal address. As a matter of fact, when we look further here, it’s really this long weird email address, and that’s certainly not PayPal. So again, it’s a social engineering attack where it’s trying to scare you.
384.3
Hey, my account’s been placed on limited. Someone used money from my PayPal account. I need to find out what’s going on. Click Activate, log in, and, of course, your credentials get stolen.

This video gives a detailed illustration of typical phishing attempts using social engineering and playing on greed by posing as Microsoft or Amazon representatives.

Many of us will have received emails purporting to be from large organizations like Microsoft or Amazon. This video details common examples of such messages – some of which you or a colleague may have received! After watching this video, you should know how to assess such a message to flag it as a possible scam.
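
The checks the video walks through by eye (brand in the display name versus the real sender domain, a To address that is not your own mailbox, and pressure wording) can be expressed as a small triage script. This is an added example, not part of the course material; the brand-to-domain map, the urgency word list, the recipient address and the sample message (including the local part of its From address) are constructed assumptions modeled on the Amazon email described above.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed brand -> legitimate sender domains (illustrative, not exhaustive).
BRAND_DOMAINS = {
    "amazon": {"amazon.com"},
    "paypal": {"paypal.com"},
    "microsoft": {"microsoft.com"},
}
# Assumed pressure phrases, taken from the wording of the emails in the video.
URGENCY = ("on hold", "expire", "limited", "verify", "reactivate")

# Constructed sample modeled on the Amazon message described in the transcript.
SAMPLE = """\
From: "Amazon Service Reminder" <no-reply.amazon.com@mmxtheater.com>
To: customer@live.com
Subject: Your orders are on hold

Greetings from Amazon. We placed on hold all your orders.
Please verify your information.
"""

def domain_matches(domain, allowed):
    # Exact domain or a true subdomain; a brand name in the local part does not count.
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def triage(raw, recipient):
    """Return a list of human-readable reasons the message looks suspicious."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not domain_matches(domain, allowed):
            findings.append(f"display name claims {brand} but sender domain is {domain}")
    _, to_addr = parseaddr(msg.get("To", ""))
    if to_addr.lower() != recipient.lower():
        findings.append(f"addressed to {to_addr}, not the receiving mailbox")
    text = (msg.get("Subject", "") + "\n" + msg.get_payload()).lower()
    hits = [w for w in URGENCY if w in text]
    if hits:
        findings.append("urgency wording: " + ", ".join(hits))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE, "me@example.org"):
        print("-", finding)
```

An empty result only means no obvious mismatch was found: a From address on a look-alike or spoofed domain passes the first check, so it is not proof that the message is genuine.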

This article is from the free online course Advanced Cyber Security Training: Network Security, created by FutureLearn.